CVE-2023-33965

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33965
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33965.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-33965
Aliases
Related
Published
2023-06-01T15:15:09Z
Modified
2025-01-08T15:02:35.539038Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Brook is a cross-platform programmable network tool. The tproxy server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local tproxy service leading to remote code execution. A patch is available in version 20230606.

References

Affected packages

Git / github.com/txthinking/brook

Affected ranges

Type
GIT
Repo
https://github.com/txthinking/brook
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
314d7070c37babf6c38a0fe1eada872bb74bf03e
Fixed
314d7070c37babf6c38a0fe1eada872bb74bf03e

Affected versions

Other

v20170316
v20170322
v20170323
v20170330
v20170516
v20170723
v20170809
v20170814
v20170826
v20170909
v20171111
v20171113
v20180112
v20180227
v20180401
v20180601
v20180707
v20180909
v20181212
v20190205
v20190401
v20190601
v20200101
v20200102
v20200201
v20200214
v20200501
v20200502
v20200701
v20200801
v20200901
v20200909
v20210101
v20210214
v20210401
v20210601
v20210616
v20210701
v20220401
v20220404
v20220406
v20220501
v20220515
v20220707
v20221010
v20221212
v20230101
v20230122